svn commit: samba r20315 - in branches/SAMBA_4_0/source: dsdb/samdb dsdb/samdb/ldb_modules librpc/idl rpc_server/drsuapi torture/rpc

Stefan (metze) Metzmacher metze at samba.org
Fri Dec 22 16:20:45 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

abartlet at samba.org schrieb:
> Author: abartlet
> Date: 2006-12-22 07:04:06 +0000 (Fri, 22 Dec 2006)
> New Revision: 20315
> 
> WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20315
> 
> Log:
> Implement the server side of DsGetDomainControllerInfo.  This is a
> supprisingly complex call...
> 
> It turns out that the in/out parameter 'level' is not in/out, but set
> seperatly by the server-side code from r->req.req1.level.
> 
> This commit also breaks out some common code from samldb into samdb.

Hi Andrew,

I fear your implementation for the DSGetDomainControllerInfo is a bit
wrong...

what we need to do is this:

1. lookup the domain dn using samdb_domain_to_dn().
   and return WERR_DS_OBJ_NOT_FOUND if it's not found.

2. then lookup the sites container dn sing samdb_sites_dn().

3. and search in the sites container for all nTDSDSA objects.
   and not for all server objects, as member servers can also have them
   when they host a DFS share and use FRS.

4. then for every found nTDSDSA object we need to lookup the parent
   server object and see if the serverReference (which holds the dn
   of the computer account) matches the domain dn using
   ldb_dn_compare_base(). This is needed because the DC's of all domains
   in the forest are under the same sites container.
   We might also need to check if the computer account has the
   UF_SERVER_TRUST_ACCOUNT bit in userAccountControl.

also the samdb_partitions_dn() and samdb_sites_dn() are implemented
wrong. just adding CN=Configuration, to the default_basedn is wrong
as in child domains the config partition isn't a child of the domain
object. that's only the case for the forest root domain.

I think we should have a ldb_[s|g]et_config_basedn() simular to
the ldb_[s|g]et_default_basedn().

metze
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFFjAXcm70gjA5TCD8RAvmjAJ4iUgILbslqr2SGvLZ2cdUD4uRJcACfd3PR
7VTAlknjikfDNrmRBKDld60=
=l1Wf
-----END PGP SIGNATURE-----

More information about the samba-cvs mailing list